Creator of the Nuke Banking trojan “Leaks” Source Code

The Nuke HTTP bot, or Nuclear HTTP bot, landed in rough waters soon after release, despite the banking trojan’s unique status and set of features. Some believed that the features listed by the trojan’s vendor, Gosya, were too good to be true at the listed price. Matters got worse when the hacking forum community discovered that Gosya never gave out sample versions of Nuke, and the developer’s legitimacy fell into question.

Gosya’s solution to the issue at hand involved intentionally doing something that usually happens only by accident. The base price for Nuke, a modular trojan, fluctuated between $2,500 and $4,000. The discrepancy likely stems from Nuke’s semi-unique feature that removes any pre-installed trojan, making sure that it alone can steal targeted information. (The feature was not as unique as Gosya indicated; the modular design that included A/V features as a module was unique.) Although it was only semi-unique, many considered it the essential feature, hence the confusing price statements.

Despite any potential income from a trojan that had no roots in the Zeus or Floki bot, the trojan’s developer felt that leaking a few copies of the source code to specific members of the community could solve the legitimacy problems. However, as is often the case, a small number of leaked programs or pieces of software quickly multiplies.

Of course, VirusTotal looked at the Nuke bot before the source code spread across the entire internet. They gave a breakdown of the methods used by the bot, along with the fact that Nuke was unique in both application and development. Researchers first noticed the bot in December 2016. They analyzed a sample version of the dropper’s debugging string: “E:\Nuclear\Bot\Release\Dropper.pdb”.

“Publicly available source code makes for more malware. This is often incorporated into existing projects,” IBM explained. “X-Force researchers noted that NukeBot is likely to see the same process take place in the wild, especially since its code is not copied from other leaked malware, per the developer’s claims,” the IBM report added.

Not long ago, Zeus controlled a great deal of the malware and banking trojan market share. The programmer responsible for the trojan effectively “retired from the malware scene” and released the Zeus bot source code. Many Zeus “wannabees” surfaced, but so did FlokiBot. The internet, or at least specific parts of it, believed the trojan was another of the Zeus “wannabees.” The author even referenced Zeus on internet forums.

But once researchers looked at it, they realized Floki shared some of Zeus’s source code but was a beast of its own: an evolved version of the trojan found on Department of Transportation computers.

Researchers have the same concern about the Nuke, or Nuclear, banking trojan.